We are attempting to create systemd files for an ssh port monitoring
process. When we enable and attempt to start the service we get multiple
executions of the daemon and systemctl does not return until we do a
control-c. The init script and our attempt at replacement:
#!/bin/bash
#
# chkconfig: - 56 24
#
# sshdfilter Start up the SSH server daemon filter
#
# description: filter for SSH port connections to give more control
# over who can log in and if probed add firewall rules
# to block probing sites.
#
# processname: sshdfilter
# config: /etc/sshdfilterrc
# pidfile: /var/run/sshdfilter.pid
# pipe: /var/run/sshdfilter.fifo
### BEGIN INIT INFO
# Provides: sshdfilter
# Required-Start: $local_fs $network $rsyslog
# Required-Stop: $local_fs $rsyslog
# Should-Start: $rsyslog
# Should-Stop: $network $rsyslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start up the SSH filter server daemon
# Description: SSH is a protocol for secure remote shell access.
# This service starts up the SSH filter server daemon.
### END INIT INFO
# source function library
. /etc/rc.d/init.d/functions
# pull in sysconfig settings
[ -f /etc/sysconfig/sshdfilter ] && . /etc/sysconfig/sshdfilter
# make fifo if it does not exist
[ -p /var/run/sshdfilter.fifo ] || mkfifo /var/run/sshdfilter.fifo
RETVAL=0
prog="sshdfilter"
lockfile=/var/lock/subsys/$prog
# Some functions to make the below more readable
SSHDF=/usr/sbin/sshdfilter
PID_FILE=/var/run/sshdfilter.SSHD.pid
runlevel=$(set -- $(runlevel); eval "echo \$$#" )
start()
{
[ -x $SSHDF ] || exit 5
[ -f /etc/sshdfilterrc ] || exit 6
echo -n $"Starting $prog: "
$SSHDF $OPTIONS && success || failure
RETVAL=$?
[ $RETVAL -eq 0 ] && touch $lockfile
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
if [ -n "`pidfileofproc $SSHDF`" ] ; then
killproc $SSHDF
else
failure $"Stopping $prog"
fi
RETVAL=$?
# if we are in halt or reboot runlevel kill all running sessions
# so the TCP connections are closed cleanly
if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
trap '' TERM
killall $prog 2>/dev/null
trap TERM
fi
[ $RETVAL -eq 0 ] && rm -f $lockfile
echo
}
restart() {
stop
start
}
rh_status() {
status -p $PID_FILE sshdfilter-daemon
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
start
;;
stop)
if ! rh_status_q; then
rm -f $lockfile
exit 0
fi
stop
;;
restart)
restart
;;
status)
rh_status
RETVAL=$?
if [ $RETVAL -eq 3 -a -f $lockfile ] ; then
RETVAL=2
fi
;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
RETVAL=2
esac
exit $RETVAL
============ sshdfilter.service ===================
[Unit]
Description=sshdfilter Daemon
Documentation=file://usr/share/doc/sshdfilter-1.5.7/INSTALL.Fedora
DefaultDependencies=no
[Service]
Type=forking
PIDFile=/var/run/sshdfilter.SSHD.pid
ExecStart=/sbin/sshdfilter
NotifyAccess=all
[Install]
WantedBy=multi-user.target
============ sshdfilter.socket ===================
[Unit]
Description=sshdfilter Named Pipe
Documentation=file:///usr/share/doc/sshdfilter-1.5.7/INSTALL.Fedora
DefaultDependencies=no
After=syslog.target
[Socket]
ListenFIFO=/var/run/sshdfilter.fifo
SocketMode=0644
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
